AgentAudit FAQs

Question 1

What types of threats can AgentAudit detect?

Accepted Answer

AgentAudit detects prompt injection, jailbreaking, agent impersonation, and other AI-specific attacks, alongside traditional vulnerabilities like command injection and data exfiltration. It also identifies MCP-specific risks such as tool poisoning and broad permissions.

Question 2

How does AgentAudit perform its security scans?

Accepted Answer

AgentAudit operates in two modes: a CLI tool for discovering and scanning MCP servers, and an MCP server that allows AI agents to perform audits. It offers quick regex-based static analysis (~2s) for fast triage and deep LLM-powered 3-pass audits (~30s) for comprehensive, context-aware detection.

Question 3

Do I need an API key to use AgentAudit?

Accepted Answer

No, quick regex-based static scans using AgentAudit do not require an API key. However, for deep LLM-powered 3-pass audits, you will need to provide an `ANTHROPIC_API_KEY` or `OPENAI_API_KEY`.

Question 4

What is AgentAudit and what does it secure?

Accepted Answer

AgentAudit is a dedicated security scanner for the AI package ecosystem. It secures AI packages, MCP servers, and agent skills against a range of threats, including prompt injection, supply chain attacks, and core vulnerabilities.

Question 5

What is the AgentAudit Trust Registry?

Accepted Answer

The AgentAudit Trust Registry is a shared, community-driven database of security findings. AgentAudit checks packages against this registry, providing valuable intelligence and accelerating the identification of known risks.

AgentAudit

AgentAudit

Key Features

Use Cases

Key Features

Use Cases